From: Keith Busch <kbusch@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Maurizio Lombardi <mlombard@redhat.com>,
	linux-nvme@lists.infradead.org, axboe@fb.com,
	Sagi Grimberg <sagi@grimberg.me>, Ming Lei <minlei@redhat.com>
Subject: Re: nvme-host: disk corruptions when issuing IDENTIFY commands via ioctl()
Date: Thu, 10 Mar 2022 09:38:41 -0800
Message-ID: <20220310173841.GC329710@dhcp-10-100-145-180.wdc.com>
In-Reply-To: <20220310160359.GA3733@lst.de>

On Thu, Mar 10, 2022 at 05:04:00PM +0100, Christoph Hellwig wrote:
> On Wed, Mar 09, 2022 at 08:23:03AM -0800, Keith Busch wrote:
> > > Combination of a broken application (does what the spec explicitly
> > > tells it not to do) and broken hardware (does the most stupid thing when
> > > fed invalid input), not much the driver can do here.
> > 
> > There's nothing the hardware can do either to know it was given invalid
> > input here if PRP2 is page aligned. There's no way it can tell the
> > difference between a PRP List vs PRP destination.
> 
> Well, it can know that there must be at most two PRP2 for Identify when
> the MPS is set to 4k.  Yes, this is annoying especially with hardware
> accelerated frontends, but that's what you get for that stupid globally
> harmful micro-optimization that PRPs are.

Yep. If the host is purposefully tricked into making a PRP list when the
real payload didn't need it, the device will think PRP2 is the
destination buffer and corrupt that memory, and it's not the device's
fault.

I agree the optimization was not worth the trouble it inflicted.

I don't believe it's the driver's responsibility either, though, and am
completely against the driver providing any sanity checks for broken
apps as Ming advocated. It is a maintenance nightmare and doomed for
failure. Just one example: 1.0's 'Get Log Page' said no PRP lists
allowed, so an older driver enforcing that would have crippled 1.1+
devices.

The app must own the responsibility for using the interface correctly.
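
An added example, not part of the original message and not kernel driver code: a C model of the NVMe PRP rules showing how a host that builds PRPs from the caller's buffer length and a device that consumes them for the 4096-byte Identify payload can disagree about what PRP2 means. The function names and sample lengths are constructed for illustration; `identify_request_ok()` is a hypothetical application-side check.

```c
#include <stdint.h>
#include <stdio.h>

#define IDENTIFY_LEN 4096u   /* Identify always transfers a 4096-byte structure */

enum prp2_role { PRP2_UNUSED, PRP2_DATA, PRP2_LIST };

/* Meaning of PRP2 for a transfer of `len` bytes that starts `offset`
 * bytes into a memory page of `mps` bytes. */
static enum prp2_role prp2_role(uint32_t len, uint32_t offset, uint32_t mps)
{
    uint32_t first = mps - (offset % mps);   /* bytes reachable through PRP1 */

    if (len <= first)
        return PRP2_UNUSED;
    if (len - first <= mps)
        return PRP2_DATA;                    /* PRP2 is the second data page */
    return PRP2_LIST;                        /* PRP2 points to a PRP list */
}

/* 1 when the host would place a PRP list pointer in PRP2 while the device,
 * moving only IDENTIFY_LEN bytes, would write payload through it. */
static int identify_prp2_confusion(uint32_t data_len, uint32_t offset, uint32_t mps)
{
    return prp2_role(data_len, offset, mps) == PRP2_LIST &&
           prp2_role(IDENTIFY_LEN, offset, mps) == PRP2_DATA;
}

/* Hypothetical check an application runs before an Identify passthrough:
 * the buffer length must equal what the command actually returns. */
static int identify_request_ok(uint32_t data_len)
{
    return data_len == IDENTIFY_LEN;
}

int main(void)
{
    /* Constructed sample requests: {data_len, buffer offset within its page}. */
    const uint32_t req[][2] = { {4096, 0}, {4096, 512}, {12288, 0}, {12288, 512} };

    for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++)
        printf("len=%5u off=%3u ok=%d confusion=%d\n",
               (unsigned)req[i][0], (unsigned)req[i][1],
               identify_request_ok(req[i][0]),
               identify_prp2_confusion(req[i][0], req[i][1], 4096));
    return 0;
}
```
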


Thread overview: 12+ messages
2022-03-08 16:45 nvme-host: disk corruptions when issuing IDENTIFY commands via ioctl() Maurizio Lombardi
2022-03-08 19:52 ` Keith Busch
2022-03-09  0:18   ` Ming Lei
2022-03-09  0:39     ` Keith Busch
2022-03-09  1:02       ` Ming Lei
2022-03-09  1:14         ` Keith Busch
2022-03-09  2:48           ` Ming Lei
2022-03-09  3:09             ` Keith Busch
2022-03-09  6:26 ` Christoph Hellwig
2022-03-09 16:23   ` Keith Busch
2022-03-10 16:04     ` Christoph Hellwig
2022-03-10 17:38       ` Keith Busch [this message]
